Struggling movie ticket subscription service MoviePass stored thousands of customer card numbers and personal credit cards in a database that was not protected with a password, reports TechCrunch.

The exposed database, which contained 161 million records, was discovered by Mossab Hussain, a Dubai-based security researcher. Many of the records in the database were computer-generated logging messages, but some also featured sensitive user information like MoviePass customer card numbers.

moviepass august 2018
MoviePass customer cards work like debit cards and are issued by Mastercard, allowing customers who sign up for MoviePass to use them to pay for the full cost of movie tickets.

In a sample of 1,000 records, TechCrunch found that a little over half contained unique MoviePass debit card numbers, expiration dates, and card balance. More than 58,000 records containing card data were found.

The unprotected MoviePass database also featured some customers' personal credit card numbers along with expiration dates, names, addresses, and other billing information. TechCrunch says that records contained enough information to allow someone to make fraudulent card purchases, though some records featured card numbers that were masked with the exception of the last four digits.

Email addresses and passwords related to failed login attempts were also found in the database.

We found hundreds of records containing the user's email address and presumably incorrectly typed password -- which was logged -- in the database. We verified this by attempting log into the app with an email address and password that didn't exist but only we knew. Our dummy email address and password appeared in the database almost immediately.

While Hussain contacted MoviePass CEO Mitch Lowe over the weekend, there was no response. MoviePass left the database online until Tuesday when TechCrunch contacted the company.

The database may have been accessible for months, but MoviePass did not respond to TechCrunch's questions about how long the server was exposed and whether it plans to disclose the incident to customers.

Hussain told TechCrunch that he questions why internal technical teams would be allowed to see critical data in plaintext, "let alone the fact that the dataset was exposed for public access by anyone."

Since its early 2018 launch, MoviePass has failed catastrophically. It ran out of money temporarily in mid-2018 because it was losing up to $40 million per month, and then began cutting back on the quality of service, limiting movie access, raising prices, and even temporarily shutting down.

Earlier this month, there were reports suggesting that MoviePass even went as far as changing the passwords of its most active users in an attempt to save money. Over the course of the last year, MoviePass has allegedly gone from three million subscribers to approximately 225,000.

Top Rated Comments

redneckitengineer Avatar
38 months ago
I jumped ship a LONG time ago when they started limiting and cutting. The funny thing, I haven't been back to the theaters once since. Greedy theaters that didn't want to partner lost all my business. Instead of being reasonable, they lost a lot more.
Score: 8 Votes (Like | Disagree)
KGBguy Avatar
38 months ago
Yep, this company is a total joke. I dumped them 2 months after getting it.
Score: 7 Votes (Like | Disagree)
CarlJ Avatar
38 months ago
Greedy theaters that didn't want to partner lost all my business. Instead of being reasonable, they lost a lot more.
Greedy theaters? Reasonable? MoviePass was selling you deeply discounted tickets that they were buying at full price, and your takeaway is that the tickets were overvalued? If I go bankrupt selling you dollar bills for 25 cents each, do you think that dollar bills are too expensive at normal prices, or that I had a terrible business plan.
Score: 4 Votes (Like | Disagree)
dannyyankou Avatar
38 months ago
Thank god I never took the bait and signed up for this cluster service.
Score: 4 Votes (Like | Disagree)
TMRJIJ Avatar
38 months ago
I honestly thought this company was dead already
Score: 2 Votes (Like | Disagree)
zorinlynx Avatar
38 months ago
Why does this company still exist? Shouldn't it be six feet under by now? How can a company be such a complete cluster-****, lose millions and millions of dollars, and still be around to lose control of customer data?

It's frustrating to see this happen while so many good people are scraping by.
Score: 1 Votes (Like | Disagree)

Popular Stories

airpods pro 2 1

AirPods Pro 2 No Longer Expected to Feature Built-In Heart Rate or Body Temperature Sensor

Sunday July 3, 2022 8:07 pm PDT by
While past rumors have indicated the upcoming second-generation AirPods Pro will feature a built-in heart rate and body temperature sensor, Bloomberg's Mark Gurman has cast doubt on those rumors turning out to be true, saying instead such a feature is unlikely to come anytime soon. "Over the past few months, there have been rumors about this year's model gaining the ability to determine a...
Apple Watch 8 Unreleased Feature Thumb

Apple Watch Series 8 Model Rumored to Feature 5% Larger Display

Monday July 4, 2022 5:50 am PDT by
Apple is working on an Apple Watch Series 8 model with a larger display, according to DSCC's Ross Young and Haitong International Securities's Jeff Pu. In October last year, Young suggested that the Apple Watch Series 8 could come in three display sizes. Now, responding to a query about the rumor on Twitter, Young claims that the additional display size joining the Apple Watch lineup will be ...
intel go pc justin long

Windows Laptop Makers 'Worried' About New MacBook Air Impacting Sales

Tuesday July 5, 2022 6:57 am PDT by
The upcoming launch of Apple's redesigned MacBook Air with the M2 chip has some Windows laptop manufacturers "worried" that sales of Intel-based laptops will be negatively affected, according to industry sources cited by DigiTimes. "A Wintel brand vendor pointed out that at a price point of US$1,000-$1,500, the MacBook Air will crowd out other high-end notebooks," the report claims, with...
European Commisssion

EU Approves Landmark Legislation to Regulate Apple and Other Big Tech Firms

Tuesday July 5, 2022 5:53 am PDT by
European Union lawmakers have approved landmark legislation to heavily regulate Apple, Google, Meta, and other big tech firms. The Digital Markets Act (DMA) and Digital Services Act (DSA) were proposed by the European Commission in December 2020. Now, collected in a "Digital Services Package," the legislation has been formally adopted by the European Parliament and seeks to address...
macbook air m2 order date feature

Apple Announces MacBook Air With M2 Chip Available to Order Starting July 8, Launches July 15

Wednesday July 6, 2022 4:59 am PDT by
Apple today announced that the new MacBook Air equipped with the M2 chip will be available to order starting Friday, July 8 at 5 a.m. Pacific Time. Apple said deliveries to customers and in-store availability will begin Friday, July 15. MacRumors exclusively reported that Apple planned to launch the new MacBook Air on July 15, and the date has now been confirmed by Apple. Customers will be...
top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Lockdown Mode Feature

Apple Announces New Lockdown Mode on iOS 16 With 'Extreme' Level of Security

Wednesday July 6, 2022 10:00 am PDT by
Apple today announced a new Lockdown Mode coming to the iPhone, iPad, and Mac with iOS 16, iPadOS 16, and macOS Ventura. Apple says the optional security feature is designed to protect the "very small number" of users who may be at risk of "highly targeted cyberattacks" from private companies developing state-sponsored spyware, such as journalists, activists, and government employees. Apple...
siri remote 3

Apple Releases Firmware Update for Apple TV Siri Remote

Tuesday July 5, 2022 12:10 pm PDT by
Apple today released new firmware for the Siri Remote designed for the Apple TV, updating the software from version 9M6772 to 10M1103. The software is for the redesigned Siri Remote that was released in May 2021, aka the gray remote with the updated interface. In the Apple TV settings, the new firmware will display as 0x0070, up from 0x0061. There is no word on what's new with the Apple TV...